A Certificate Signing Request (CSR) is required for ordering an SSL certificate. When you generate a CSR, a private key is also generated on your web server. If you want to create a wildcard certificate, enter an * (asterisk) in the common name, for example *.mydomain.com.

Generating the CSR with the OpenSSL Command

For creating a CSR you must be logged in to the server via an SSH connection. Use the cd command to navigate to the folder in which the certificates should be saved:

cd /etc/ssl/certs/

CSR with RSA private key

The following command can be used to generate the CSR with SHA1:

openssl req -utf8 -nodes -newkey rsa:2048 -keyout www_domainname_com.key -out www_domainname_com.csr

To generate the CSR with a SHA2 hash, the -sha256 option is added to the command:

openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout www_domainname_com.key -out www_domainname_com.csr

CSR with ECC private key

When an ECC key is needed, two commands are required: one to generate the key and a second to generate the CSR:

  • openssl ecparam -out server.key -name prime256v1 -genkey
  • openssl req -new -key server.key -out server.csr

You will now be asked to enter some fields, such as the common name, company name, department, country name and locality. The information given in the CSR needs to be correct, since it corresponds to the whois information of the domain name and the Chamber of Commerce.
The fields Email Address, Optional company name and Challenge password can be left empty when applying for a web server certificate.

OpenSSL generates two files: the CSR (with the name format www_domainname_com.csr) and the Private Key (with the name format www_domainname_com.key).

  • Country Name (2 letter code) [AU]: NL
  • State or Province Name (full name) [Some-State]: Overijssel
  • Locality Name (eg, city): Zwolle
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]: Bedrijfsnaam
  • Organizational Unit Name (eg, section) []: IT
  • Common Name (eg, YOUR name) []: www.domainname.com
  • Email Address []: (optional)
  • A challenge password []: (optional)
  • An optional company name []: (optional)
       

For the Common Name (CN) it is advised to enter the fully qualified domain name (FQDN) including the www, for example www.domainname.com.
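An added example (not part of the original article): a shell function that checks the files produced by the commands above before the CSR is submitted. It confirms the CSR's self-signature, prints the signature hash actually used and rejects SHA1, confirms that the CSR and key belong together, and checks that the unencrypted key written by -nodes is readable only by its owner. The function name check_csr is an assumption made for this example.

```shell
#!/bin/sh
# Added example: sanity-check a CSR and its private key before ordering.
# Usage: check_csr <csr-file> <key-file>; returns 0 only if all checks pass.
check_csr() {
    csr=$1; key=$2; rc=0

    # 1. The CSR must carry a valid self-signature (proof of key possession).
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR self-signature does not verify"; rc=1
    fi

    # 2. Report the digest actually used; reject SHA-1 signatures.
    sigalg=$(openssl req -in "$csr" -noout -text |
             sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    echo "Signature algorithm: $sigalg"
    case $sigalg in
        *[Ss][Hh][Aa]1*) echo "FAIL: CSR is signed with SHA-1"; rc=1 ;;
    esac

    # 3. The public key in the CSR must belong to the private key on disk.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: CSR and private key do not match"; rc=1
    fi

    # 4. -nodes leaves the key unencrypted, so only the owner may access it.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others; run chmod 600"; rc=1
    fi

    # 5. Show the subject so the CN (FQDN or *.domain) can be checked by eye.
    openssl req -in "$csr" -noout -subject
    return $rc
}
```

Call it as check_csr www_domainname_com.csr www_domainname_com.key, or with server.csr and server.key for the ECC variant.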

 
